[Dataloss] Keeping track of idtheft victims of breaches

Al Mac Wheel macwheel99 at wowway.com
Mon Jul 14 03:13:57 UTC 2008 

There are already several such efforts out there.  Perhaps your time could 
be better spent being a volunteer with attrition's open source data base of 
breaches.

There can be a large span of time between a breach, and the info used in id 
thefts.
I believe the US Congress is trying to pass legislation to give that job to 
the Secret Service.

According to the FTC, one in seven Americans at some time in their lives, 
will be a victim of id theft ... what's the US population now ... about 350 
million ... so that's 50 million names for the data base?  Plus similar 
volumes from other nations.

Not all of those victims are due to data breaches ... ther's also dumpster 
diving in garbage of ordinary people, proceeds from mugging, pkck pockets, 
insider crime, etc.

A lot of identity theft victims don't have a clear knowledge of which of 
the many breaches, some of which they were never notified of, were 
responsible for them becoming victims.  Sometimes when law enforcement 
captures some id theft criminals, they can back trace where they got the 
info, sometimes not.

Then many victims want to get their lives cleaned up, not become identified 
as a mark who was conned once, so is a potential victim for future con artists.

Al Macintyre

, Sasha Romanosky wrote:

>Hey everyone,
>
>I'd like to start keeping a record of those stories that cite actual numbers
>of identity theft victims from data breaches.
>
>I realize it's difficult to know, and there's much room for error, but it
>seems to me there is currently no record -- even a bad one -- of this kind
>of information. It also gives those interested a place to follow up for more
>detail.
>
>I have to think other people would be interested in these stories, too. To
>that end, I'd like to ask that if you come across any studies or articles
>(and if they're appropriate for this list) that you forward them on.
>Otherwise, please feel free to send them to me.
>
>Thanks a bunch,
>sasha
>
>
> >From checking some of my notes, I know of the following:
>- Choicepoint: 2900 (GAO-07-737)
>- UnitedHealthcare: 155,
>http://www.networkworld.com/news/2008/060308-unitedhealthcare-data-breach-le
>ads-to.html?code=nlsecuritynewsal142524
>- And in aggregate, the 3 studies I listed in my WEIS paper (Table 2).
>
>
>_______________________________________________
>Dataloss Mailing List (dataloss at attrition.org)
>http://attrition.org/dataloss
>
>Tenable Network Security offers data leakage and compliance monitoring
>solutions for large and small networks. Scan your network and monitor your
>traffic to find the data needing protection before it leaks out!
>http://www.tenablesecurity.com/products/compliance.shtml

More information about the Dataloss mailing list